Microsoft Windows XP, XP SP1, XP SP2 RSAENH.DLL Security policy
RSAENH operates under several rules that encapsulate its security policy.
· RSAENH is supported on Windows XP, XP SP1 and XP SP2.
· RSAENH provides no user authentication; however, it relies on Microsoft Windows XP for the authentication of users.
· RSAENH enforces a single role, Authenticated User, which is a combination of the User and Cryptographic Officer roles as defined in FIPS PUB 140-1.
· All users authenticated by Microsoft Windows XP employ the Authenticated User role.
· All the services provided by the RSAENH DLL are available to the Authenticated User role.
· Keys created within RSAENH by one user are not accessible to any other user via RSAENH.
· RSAENH stores keys in the file system, but relies upon Microsoft Windows XP for the encryption of the keys prior to storage.
· RSAENH supports the following FIPS-approved algorithms: AES, DES, 3DES, HMAC-SHA-1, SHA-1, and RSA; and RSAENH provides the required self-tests for these FIPS-approved algorithms.
· RSAENH supports the following non-FIPS-approved algorithms: RC4, RC2, and MD5 [1]; and though these algorithms may not be used when operating the module in a FIPS-compliant manner, the module provides power-up self-tests to provide extra security for non-FIPS users.

[1] Applications may not use any of these non-FIPS algorithms if they need to be FIPS compliant. To operate the module in a FIPS-compliant manner, applications must only use FIPS-approved algorithms.
SECURITY POLICY